| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-SWARE-Spam-Status: | No, hits=-2.6 required=5.0 tests=BAYES_00 |
| X-Spam-Check-By: | sourceware.org |
| In-Reply-To: | <16301_1264086092_4B586C4C_16301_305990_2_OF11708682.5FB599E5-ONC12576B2.0050FA30-C12576B2.00528821@nbg.sdv.spb.de> |
| References: | <16301_1264086092_4B586C4C_16301_305990_2_OF11708682 DOT 5FB599E5-ONC12576B2 DOT 0050FA30-C12576B2 DOT 00528821 AT nbg DOT sdv DOT spb DOT de> |
| To: | cygwin AT cygwin DOT com |
| MIME-Version: | 1.0 |
| Subject: | Cygwin/OpenSSH V.5.3: Key authentication does not work under Windows 2008: Problem is solved now!!! |
| X-KeepSent: | 6D70C15D:A621C2E3-C12576B2:00585C7B; type=4; name=$KeepSent |
| Message-ID: | <4426_1264090236_4B587C7C_4426_313_1_OF6D70C15D.A621C2E3-ONC12576B2.00585C7B-C12576B2.0058DAC7@nbg.sdv.spb.de> |
| From: | Carsten DOT Porzler AT spb DOT de |
| Date: | Thu, 21 Jan 2010 17:10:32 +0100 |
| X-SafeGuard_MailGateway: | Version: 5.60.3.9976 SGMG Date: 20100121161036Z |
| X-IsSubscribed: | yes |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Unsubscribe: | <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
Dear Cygwin Community,
my problem described is solved now.
The change to Windows Server 2003 is the fact, that the OpenSSHd Server
service must run under a user account, SYSTEM account is not enough!
The choosen user account must have the following privileges:
Create a token object
Logon as a service
Replace a process level token
Increase Quota
It does not work, if you give SYSTEM account all the rights! These
behaviour was described in the year 2007 in a "CopSSH" forum.
No further investigation is needed.
Thanks and
best regards
Carsten Porzler
cygwin-owner AT cygwin DOT com schrieb am 21.01.2010 16:01:28:
> [Bild entfernt]
>
> Cygwin/OpenSSH V.5.3: Key authentication does not work under Windows
2008...
>
> Carsten.Porzler
>
> an:
>
> cygwin
>
> 21.01.2010 16:01
>
> Gesendet von:
>
> cygwin-owner AT cygwin DOT com
>
> Dear Cygwin experts,
>
> we installed Cygwin/OpenSSH V.5.3
>
> CYGWIN_NT-6.1-WOW64 d00atq49 1.7.1(0.218/5/3) 2009-12-07 11:48 i686
Cygwin
> OpenSSH_5.3p1, OpenSSL 0.9.8l 5 Nov 2009
>
> on a Windows 2008 64-bit system.
>
> Unfortunetly the key authentication does not work. The connection
> initiation interrupts on server side with the following errors: seteuid
> <user-id>: Permission denied
>
> debug1: userauth-request for user testuser01 service ssh-connection
method
> none
> debug1: attempt 0 failures 0
> debug3: Trying to reverse map address 10.2.240.11.
> debug2: parse_server_config: config reprocess config len 229
> debug2: input_userauth_request: setting up authctxt for testuser01
> debug2: input_userauth_request: try method none
> Failed none for testuser01 from 10.2.240.11 port 2467 ssh2
> debug3: Wrote 80 bytes for a total of 1549
> debug1: userauth-request for user testuser01 service ssh-connection
method
> publickey
> debug1: attempt 1 failures 0
> debug2: input_userauth_request: try method publickey
> debug1: test whether pkalg/pkblob are acceptable
> debug1: temporarily_use_uid: 1011/513 (e=18/544)
> seteuid 1011: Permission denied
> debug1: do_cleanup
>
> The password authentication with the same user on the same server works
> fine.
>
> The OpenSSHd service is running under system account. The file
> cyglsa64.dll is loaded from the registry key
> "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages".
>
> The public key file is owned by the user "testuser01", to which I want
to
> switch to, and is readable for group and all others.
>
> The OpenSSHd service is running without Privilege Separation (we also
> tried this in meantime, but fails, too). It's the same configuration as
we
> have used since years on our Windows Server 2003 systems (32-bit).
>
> What can be the reason(s) for this behaviour?
>
> Thanks for help in advance and
>
> best regards
>
> Carsten Porzler
>
>
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |